ports/96436: [patch] x11/xorg-clients: logging on xdm with pam_krb does not create a ticket file

Thu Apr 27 23:00:40 UTC 2006

>Number:         96436
>Category:       ports
>Synopsis:       [patch] x11/xorg-clients: logging on xdm with pam_krb does not create a ticket file
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 27 23:00:34 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Boris B. Samorodov
>Release:        FreeBSD 6.1-RC i386
>Organization:
InPharmTech, Co. http://www.ipt.ru
>Environment:
System: FreeBSD srv.sem.ipt.ru 6.1-RC FreeBSD 6.1-RC #1: Fri Apr 14 18:29:53 MSD 2006 bsam at srv.sem.ipt.ru:/usr/obj/usr/src/sys/SRV i386

>Description:
	Current xdm code doesn't create a ticket file when logging on
	xdm using pam_krb5. You are authenticated by kerberos, get the
	GUI. But not the ticket file.

	The function pam_setcred() at xdm/session.c is never reached.

	Note: I can't say that it is a good solution -- just to copy
	the code which is never reached to a new place. But it works
	for me.
>How-To-Repeat:
	1. Install x11/xorg-clients.
	2. Create a kerberos account at KDC.
	3. Uncomment next line at /etc/pam.d/xdm:
           auth            sufficient      pam_krb5.so             try_first_pass
	4. Load xdm.
	5. Login on xdm with kerberos account.
	6. Run klist. (No ticket file)
>Fix:
	The patch is relative to the port:
	# cd ports/x11
	# patch -p0 < _the_patch_
	<delete xorg-clients/*.orig, xorg-clients/files/*.orig>

===== the patch begins here =====
diff -ruN xorg-clients.orig/Makefile xorg-clients/Makefile

--- xorg-clients.orig/Makefile	Fri Apr 28 02:28:18 2006
+++ xorg-clients/Makefile	Fri Apr 28 02:29:30 2006
@@ -7,7 +7,7 @@
 
 PORTNAME=	xorg-clients
 PORTVERSION=	6.9.0
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	x11
 MASTER_SITES=	${MASTER_SITE_XORG}
 MASTER_SITE_SUBDIR=	X11R${PORTVERSION}/src
diff -ruN xorg-clients.orig/files/patch-xdm_session.c xorg-clients/files/patch-xdm_session.c
--- xorg-clients.orig/files/patch-xdm_session.c	Fri Apr 28 02:28:18 2006
+++ xorg-clients/files/patch-xdm_session.c	Fri Apr 28 01:46:29 2006
@@ -8,7 +8,7 @@
  #endif
  #ifdef K5AUTH
  # include <krb5/krb5.h>
-@@ -529,6 +528,7 @@
+@@ -533,6 +532,7 @@
      int	pid;
  #ifdef HAS_SETUSERCONTEXT
      struct passwd* pwd;
@@ -16,7 +16,20 @@
  #endif
  #ifdef USE_PAM
      pam_handle_t *pamh = thepamh ();
-@@ -610,6 +610,8 @@
+@@ -576,6 +576,12 @@
+ 	    for(i = 0; pam_env && pam_env[i]; i++) {
+ 		verify->userEnviron = putEnv(pam_env[i], verify->userEnviron);
+ 	    }
++	    pam_error = pam_setcred (pamh, PAM_ESTABLISH_CRED);
++	    if (pam_error != PAM_SUCCESS) {
++		LogError ("pam_setcred for \"%s\" failed: %s\n",
++			 name, pam_strerror(pamh, pam_error));
++		return(0);
++	    }
+ 	}
+ #endif
+ 
+@@ -648,6 +654,8 @@
  	 * Set the user's credentials: uid, gid, groups,
  	 * environment variables, resource limits, and umask.
  	 */
@@ -25,7 +38,7 @@
  	pwd = getpwnam(name);
  	if (pwd) {
  	    if (setusercontext(NULL, pwd, pwd->pw_uid, LOGIN_SETALL) < 0) {
-@@ -617,6 +619,7 @@
+@@ -655,6 +663,7 @@
  		    errno);
  		return (0);
  	    }
===== the patch ends here =====

WBR
-- 
bsam
>Release-Note:
>Audit-Trail:
>Unformatted:

